Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+87371.43%)
XssmapXSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Stars: ✭ 134 (+857.14%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+942.86%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+20914.29%)
Pentesting BibleLearn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+64050%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+2678.57%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+1028.57%)
diwaA Deliberately Insecure Web Application
Stars: ✭ 32 (+128.57%)
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (+1242.86%)
LnkupGenerates malicious LNK file payloads for data exfiltration
Stars: ✭ 205 (+1364.29%)
Darkspiritz🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Stars: ✭ 219 (+1464.29%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+1200%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+19600%)
Evil SsdpSpoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Stars: ✭ 204 (+1357.14%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+1278.57%)
xss-chefA web application for generating custom XSS payloads
Stars: ✭ 70 (+400%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+2114.29%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (+150%)
XsserCross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
Stars: ✭ 606 (+4228.57%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+19721.43%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+5950%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+5407.14%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+6235.71%)
HackvaultA container repository for my public web hacks!
Stars: ✭ 1,364 (+9642.86%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+7200%)
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (+714.29%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (+1235.71%)
Zap CliA simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (+1085.71%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+27564.29%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+1321.43%)
Capsulecorp PentestVagrant VirtualBox environment for conducting an internal network penetration test
Stars: ✭ 214 (+1428.57%)
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (+664.29%)
WssatWEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (+2471.43%)
LscriptThe LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+21728.57%)
security-wrapper对springSecurity进行二次开发,提供OAuth2授权(支持跨域名,多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定,解绑)、加密通信等一系列安全场景的解决方案
Stars: ✭ 21 (+50%)
ProtectProactively protect your Node.js web services
Stars: ✭ 394 (+2714.29%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (+900%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+1621.43%)
ResourcesNo description or website provided.
Stars: ✭ 38 (+171.43%)
SourcecodesnifferThe Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (+521.43%)
JavasecurityJava web and command line applications demonstrating various security topics
Stars: ✭ 182 (+1200%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+13964.29%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+6857.14%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (+78.57%)
sqlscanQuick SQL Scanner, Dorker, Webshell injector PHP
Stars: ✭ 140 (+900%)
flask-vulnPretty vulnerable flask app..
Stars: ✭ 23 (+64.29%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+2000%)
hackableA python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (+335.71%)
filter-var-sqliBypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
Stars: ✭ 29 (+107.14%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+13671.43%)
SilentbridgeSilentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (+871.43%)
Express Securitynodejs + express security and performance boilerplate.
Stars: ✭ 37 (+164.29%)
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (+135.71%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (+750%)